debug-opensrc

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by instructing the agent to fetch and "read every line" of third-party source code. This external content is untrusted and could contain malicious instructions designed to subvert the agent's logic.
  • Ingestion points: Commands such as cat $(opensrc path <package>) and rg read untrusted external code from the ~/.opensrc/ cache into the agent's active context.
  • Boundary markers: The instructions lack delimiters or specific warnings to the agent to ignore embedded instructions within the source code being analyzed.
  • Capability inventory: The agent uses shell commands (rg, cat, ls, find) and the opensrc tool to interact with the filesystem and network.
  • Sanitization: No sanitization or validation of the fetched source code is performed before it is presented to the agent for analysis.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands (rg, cat, find, ls) to investigate fetched source code and manage a local cache. This behavior is inherent to the skill's purpose but confirms the agent's ability to execute commands on the host system.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 07:06 PM